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BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

This invention relates to the safeguarding of personal information in electronic commerce 
transactions. More particularly, the present invention addresses the privacy concerns of consumers 
in the electronic marketplace by limiting access to package delivery information. 

2. Description of the Related Art 

The advent of electronic commerce over the Internet has spurred economic development by 
fostering new products and industries and revitalizing old ones. Electronic commerce has also 
brought an unprecedented array of choices to consumers, who now can make purchases without 
regard to geographical or political boundaries. However, the increasingly global interconnectivity 
making such electronic commerce possible is fraught with potential dangers to the consumer. One 
such danger is the misuse of personal and financial information. Indeed, each time that a consumer 
makes an online purchase from a vendor over the World Wide Web (hereafter "Web"), he or she 
typically must supply the vendor with personal information, such as his or her name, address, 
telephone numbers, email address and financial information such as a credit card number, for 
example. Often the consumer is also invited to supply other information, such as annual income, 
number of dependents, etc. Such information tends to be persistent, and is usually stored in 
databases (whether such database belong to the vendor, credit agencies or other vendors) and may 
be used for purposes wholly unforeseen by the customer at the time of the original transaction. 
Individual consumers are not the only ones that may be harmed by such practices; businesses also 
have an interest in protecting their business information, be it customer lists, key suppliers and the 
like. 
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Even if the online purchase, however, is somehow made in an anonymous or quasi- 
anonymous fashion (that is, without divulging personal or financial information to the vendor), the 
vendor typically must still ship the package to a delivery address, which may be the purchaser's 
home or business address or the address of a customer, friend or relative. This information, then, 
5 must be given to the vendor who then may store the supplied information for later use or misuse. 

Some of the potential consequences of providing such addressee information to the vendor 
are discussed with reference to Fig. 1, which shows a conventional method of shipping goods from 
a vendor to a customer. As shown therein, the customer makes an electronic purchase at SI 1, and 
is invited to provide the vendor with his or her personal and financial information, such as payment 

10 information (credit card numbers, for example) and personal information such as telephone 
numbers, physical and/or electronic addresses (email address, for example) and shipping 
information, as shown at S13. At step SI 4, the vendor processes and stores the supplied 
information (typically in a database, as shown at reference numeral 10 in Fig. 1). The vendor then 
packages the goods purchased by the customer, applies a shipping label to the package and 

15 surrenders the package to a shipper or freight forwarder (such as the US post office, UPS® or 
FedEx®, for example) for delivery to the customer 12. 

However, the effects of supplying the vendor with the above-listed personal and financial 
information are not confined to the underlying purchase. Indeed, as shown in Fig. 1, the vendor 
may itself send the customer 12 unwanted email, subject the customer 12 to unwanted telephone 
20 solicitations, or send the customer unsolicited commercial mailings (commonly referred to as 
"junk mail"). More egregious still, the vendor may sell the customer-provided information to third 
parties, collectively referenced in Fig. 1 at 14. The vendor may also sell aggregate customer 
information - that is, information that does not identify any particular one customer, a relatively 
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benign act. However, the vendor may also sell his or her customers' individual personal and 
financial information to third parties 14, without the consent or knowledge of the affected 
customers. In turn, such third parties 14 may also subject the customer 12 to a barrage of 
unwanted emails, solicitations and/or junk mail. The customer, if a business, may have business 
5 reasons such as the preservation of trade secrets, for wanting anonymous shipping. Such 
unwelcome intrusions are, however, but a few manifestations of the universe of all possible 
deliberate uses and misuses of personal and financial information. Indeed, the customer's personal 
and financial information may be purchased or intercepted by parties wholly unforeseen by the 
customer and used for illegal purposes, such as to facilitate identity theft, for example. This 
jilO problem is exacerbated by the increasing proliferation of e-commerce vendors and Web sites, each 

— r - 

Jj of which collects and uses the customers' personal and financial information. 

Q i{ However, even if the actual purchase is somehow made in an anonymous or quasi- 

j : f 

5 anonymous fashion (akin to a face-to-face cash transaction, for example), the package containing 

the purchased goods still must be delivered to the customer or other addressee. In turn, this entails 
=r 15 that the name and address of the recipient of the package be provided to the vendor, with all of the 
^ above-detailed potential consequences of providing such information. 

SUMMARY OF THE INVENTION 

An object of the present invention, therefore, is to provide methods and systems for 
anonymous shipment of goods. Another object of the present invention is to provide methods and 
20 systems for vendors, shippers and trusted parties such as banks to handle anonymous shipments of 
goods. It is a still further object of the present invention to provide methods and systems for the 
anonymous forwarding of goods in digital form, such as software and music. 
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In accordance with the above-described objects and those that will be mentioned and will 
become apparent below, a method of enabling anonymous shipment of a package containing goods 
purchased by a customer from a vendor for delivery to an address unknown to the vendor, 
comprises steps of receiving a request for a package code for the package from the vendor; sending 
5 the package code to the vendor, the package code being devoid of delivery address information and 
sending a shipping identifier and an associated address to the shipper. The shipper, after picking 
up the package for shipment from the vendor, matches the package code sent to the vendor with 
the shipping identifier and identifies the associated address as the delivery address of the package. 
The package code may include a code number and machine-readable indicia expressing the code 
Q 10 number. The received request may include a request for authentication and/or an electronic draft 

: 3 ~z 

=f= for payment of the purchased goods and/or a shipping charge. The receiving and sending steps 
may be performed over a computer network, including leased lines, a private network, a virtual 
private network and/or the Internet. The receiving and sending steps may be carried out by a bank 

p or other trusted party. 

v i 15 According to another embodiment thereof, the present invention is a method of processing 

p 

f l a package identified by a package code devoid of delivery address information, the package 
containing goods purchased by a customer from a vendor for shipment to an address unknown to 
the vendor, comprising steps of receiving a request to pick up a package from the vendor, the 
package having a machine-readable package code affixed thereto, the request including a shipping 
20 identifier and a delivery address associated with the shipping identifier; picking up the package 
from the vendor; reading the package code affixed to the package; matching the package code with 
the received shipping identifier, and delivering the package to the delivery address associated with 
the shipping identifier. 
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Steps of printing a shipping label on which the delivery address is visible and affixing the 
shipping label on the package may also be carried out. The package code may include a code 
number and/or machine-readable indicia expressing the code number. The receiving step may be 
performed over a computer network that includes, for example, leased lines, a private network, a 
5 virtual private network and/or the Internet. The request may be sent to the shipper by a bank or by 
some other trusted party. 

According to still another embodiment, the present invention is a method of causing a 
package of goods purchased from a vendor to be delivered to an address unknown to the vendor, 
comprising steps of sending a request for a package code to a trusted entity; receiving the package 

10 code, the package code being devoid of delivery address information; affixing the package code to 
the package, and surrendering the package to a shipper. The shipper then matches the package 
code with a shipping identifier and associated delivery address previously received from the 
trusted entity, generates a shipping label specifying the associated delivery address and affixes the 
label to the package. The package code may include a code number and/or machine-readable 

15 indicia expressing the code number. The request may include a request for authentication and/or 
an electronic draft for payment of the purchased goods and/or a shipping charge. The receiving 
and sending steps may be performed over a computer network. The trusted entity may be a bank, 
for example. 

The present invention may also be viewed as a method of enabling a customer to 
20 anonymously purchase an item from a vendor via an electronic draft for delivery to an address 
without divulging the delivery address to the vendor, comprising the steps of storing, in a bank, an 
encrypted unique identifier for the customer, the encrypted unique identifier being linked to the 
customer's personal and financial information stored in the bank, including the delivery address; 
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authenticating the customer having caused a draft to be executed for payment of at least one of a 
purchase price of the item and a shipping cost by encrypting at least a portion of an identification 
data provided by the customer and successfully matching the encrypted identification data with the 
stored encrypted unique identifier; retrieving at least the authenticated customer's financial 
5 information and delivery address; honoring a draft presented by the vendor for payment of the item 
only when the customer is successfully authenticated by the bank; assigning a package code to the 
item, the assigned package code being associated with the retrieved delivery address; sending only 
the package code to the vendor, the vendor affixing the package code to the package, and sending 
the package code and the associated delivery address to a shipper for storage in a shipper database. 
10 The shipper then picks up the item from the vendor, and prints out a shipping label for the package, 
a delivery address on the label being that customer address linked to a package code stored in the 
shipper database that matches the package code affixed to the package. 

The identification data may include an ID and a password, biometric data and/or a digital 
certificate at the bank's discretion, as required for appropriate security, given the value of the 

15 transaction. The password is preferably known to the bank only in encrypted form. The 
customer's encrypted unique identifier, personal and financial information may be stored in a data 
structure managed by a Directory software controlled by the bank. The package code and the 
linked customer address may be replicated in the shipper database via Light Weight Directory 
Access Protocol (LDAP) or similar standard format. At least a portion of the shipper database may 

20 be replicated in a portable electronic device equipped with a package code scanner and a shipping 
label printer. The package code may include a code number and/or a machine-readable indicia 
expressing the code number. The authenticating and sending steps may be performed over a 
computer network including, for example, the Internet. 
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According to still another embodiment, the present invention is a method of enabling a 
customer having purchased goods in digital form from a vendor to have the goods delivered to a 
specified electronic delivery address without divulging the electronic delivery address to the 
vendor, comprising the steps of associating a package code with the specified electronic delivery 
5 address and storing the package code and the electronic delivery address; sending the vendor a 
package code and an associated forwarding electronic address, the forwarding electronic address 
being different from the electronic delivery address, the vendor forwarding the goods and the 
package code to the forwarding electronic address associated with the received package code; 
reading the forwarded package code and retrieving the stored electronic delivery address 
plO associated therewith, and delivering the goods to the retrieved electronic delivery address. The 
4= associating and storing steps may be carried out by a bank or other trusted entity. 

BRIEF DESCRIPTION OF THE DRAWINGS 



iii 



^ For a further understanding of the objects and advantages of the present invention, 

Tl reference should be made to the following detailed description, taken in conjunction with the 
j= 1 5 accompanying figures, in which: 



Fig. 1 is a flowchart of a conventional method of shipping goods from a vendor to a 
customer. 

Fig. 2 is a flowchart of eDROPSHIP™, a method for anonymous shipping according to an 
embodiment of the present invention. 

20 Fig. 3 shows another aspect of the present invention, in which the transaction between the 

vendor and the customer includes both anonymous payment and shipment. 
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DESCRIPTION OF THE INVENTION 



DEFINITIONS 



10 



ri 15 



20 



25 



VENDOR: 



CUSTOMER: 



DELIVERY 
ADDRESS: 



SHIPPER: 



PACKAGE: 



BANK: 



Any person or entity that sells and/or offers goods and/or services for 
Sale (the seller). 

Any person or entity that purchases goods and/or services from a 
Vendor (the buyer). The customer may be a business who, for 
business, privacy, or business reasons (such as the preservation of 
trade secrets, for example) may want to purchase and receive goods 
anonymously. 

A location to which the package is to be delivered. The delivery 
address may be a physical location to which a physical package may 
be delivered or may be an electronic address over a computer 
network such as the Internet. 

Any person or entity that ships or forwards the purchased goods 
and/or services to the delivery address. 

Any package that contains the goods or item(s) purchased by 
purchaser that is to be delivered by the shipper to the delivery 
address. The package may be in any form, such as a letter or 
package. The package may also be large, such as a Sea-Land® 
container or a railroad boxcar, for example. Alternatively, the 
package may be in electronic form and may include one or more 
electronic files to be delivered to an electronic address. 

As used herein, the term "bank" includes all financial services 
institutions accepting deposits of cash, negotiable securities, 
marketable shares/stock into numbered (or otherwise uniquely- 
identified) accounts and honoring checks, drafts and/or other 
customer instructions. Such a definition includes (but is not limited 
to) traditional banks and savings institutions; stockbrokers, online 
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trading concerns, credit unions and any institution that legally 
identifies with and has some financial and fiduciary relationship with 
an account holder and that has the ability to honor customer or 
account holder instructions referring to specific accounts. Within the 
5 context of the present invention, the term "bank" also includes such 

institutions as post offices or other governmental agencies that carry 
out banking or quasi-banking functions. 

FUNCTIONAL OVERVIEW 

Fig. 2 is a flowchart of the eDROPSHIP™ method for anonymous shipping, according to 
10 an embodiment of the present invention. The method begins at step S20. At S21, the customer 
makes a purchase from, for example, the vendor's Web site. At step S22, the customer requests 
^0 anonymous payment (anonymous with respect at least to the vendor) for his or her purchase 

si- 

3 ~ 

through his or her bank 20. Although any means and/or methods for anonymous payment may be 
2* implemented within the context of the present invention, particularly well-suited methods and 

t - 5 

J5 means for doing so are disclosed in commonly assigned US patent applications serial numbers 
P 09/272,056 filed March 18, 1999 and 09/405,741 filed September 24, 1999, the disclosures of 
4* which are hereby incorporated herein in their entirety. It is to be noted that the present invention 
O also finds applicability in situations wherein the payment is not anonymous, but the customer does 

not wish to disclose the identity or address of the recipient of the package to the vendor and to any 
20 situation in which the customer wishes to keep the address of the package recipient from the 

vendor. The present invention is also applicable to in-person cash transactions. 

According to the present invention, the only entity that should hold the customer's personal 
and confidential information is that entity that already enjoys a fiduciary relationship and a trusted 
relationship with the customer. According to an embodiment of the present invention, that entity is 
25 the customer's bank 20. The bank 20 is well suited to intermediate in electronic transactions, as it 
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already stores the customer's financial and personal information in its secure database(s). 
According to the present invention, the bank 20 restricts access to the customers' personal and 
financial information, such as account numbers, credit card numbers, passwords, address, phone 
numbers and the like. As shown at S23, the bank 20 processes the request for anonymous payment 
for the goods purchased by the customer. For example, the request for anonymous payment may 
be in the form of an electronic draft. Using generally accepted legal terms, a draft is a written 
order by a first party, called the drawer, instructing a second party, called the drawee, to pay 
money to a third party, called the payee. In terms of the present invention, the vendor may be 
thought of as the payee, the customer as the drawer and the bank may be thought of as the drawee. 
In step S24, the bank 20 authorizes, guarantees and/or releases payment (on the electronic draft, for 
example) to the vendor for the goods (and/or the shipping charges) purchased by the customer. 
Along with or separately from the authorization, guarantee and/or electronic payment, the bank 20 
sends a package code through the network 22 to the vendor, as shown in step S24. Preferably, the 
package code sent to the vendor includes a code number and machine-readable indicia expressing 
the code number. The code number may be an entirely numerical code number or may include 
other symbols and/or letters. According to an embodiment of the present invention, the machine- 
readable indicia includes a barcode. Other machine-readable indicia may be used within the 
context of the present invention. Examples of suitable machine-readable codes include the PDF 
code developed by Symbol Technologies, Inc. and the DataGlyph code developed by Xerox, Inc. 
The PDF code is a two-dimensional code that is used for the identification of fungible items, and is 
read using a handheld laser beam scanning technique. The DataGlyph code is a two-dimensional 
code disclosed in US patent no. 5,245,165 and is used to provide information on office forms that 
are scanned using a conventional general-purpose document reader. 
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According to an embodiment of the present invention, the package code is entirely devoid 
of any package delivery information. Alternatively, the package code includes the delivery 
address, but in a form that is unreadable by the vendor. In any event, the vendor is not given 
access to the package delivery address, and thus cannot misuse the information or include such 
5 information in any later (even legitimate) marketing or sales efforts. Having received the package 
code from the bank 20, the vendor affixes or somehow otherwise imprints the package code on the 
package to be shipped. According to one embodiment of the present invention, the vendor affixes 
an adhesive label onto the package, the adhesive label bearing the package code thereon. For 
example, the vendor may affix a label onto the package to be shipped, the label having the 
Q0 machine-readable indicia such as a barcode, PDF, DataGlyph or other code printed thereon. The 
4- bank 20, as shown at S25, also sends a shipping identifier and an associated delivery address 

- s ^ 
?tl - 
■asf 

H through the network 22 to a shipper such as, for example, the Untied States Postal Service or any 
private shipping or freight company, such as FedEx®, UPS® or DHL® for example. The bank 20 
j=5 retrieves this information from its secure database and sends the shipping identifier and associated 
f|15 delivery address through a secure communication channel using a standardized protocol, such as 
u the Secure Socket Layer (hereafter "SSL"), for example. SSL utilizes an encryption scheme (such 
as a public key encryption scheme, for example) negotiated at the time of the communication and 
helps to ensure that electronic eavesdroppers between the shipper and the bank 20 cannot intercept 
any clear, unencrypted communication. 

20 The shipper to which the shipping identifier and the associated package delivery address 

are sent may be selected by the customer or by the bank 20. The shipping identifier sent to the 
selected shipper matches the package code sent to the vendor. The shipper stores the shipping 
identifier and the associated delivery address. As shown at S26, the shipper then picks up the 
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package at the vendor's location, reads the package code, matches the read package code with the 
received shipping identifier and prints out a shipping label bearing the associated package delivery 
address thereon and affixes same to the package. In this manner, only the shipper and the bank 
know and/or have access to the delivery address. As shown in step S27, the shipper may now ship 
5 the package to the address on the shipping label in the usual manner. The shipped package may 
then be received at the intended delivery address, as shown at step S28, whereupon the method 
according to the present invention ends at S29. 

In practice, the bank 20 may send the vendor an estimate of when the shipper will pick up 
the package, along with the package code. When the bank 20 sends the shipper the shipping 
D9 identifier and associated delivery address, as shown in step S25, the bank 20 preferably also sends 
Hh the shipper the vendor's name, address and contact information, such as telephone number(s), 
facsimile number(s) and email address, for example. The bank 20 may also send the shipper the 
jrl customer's telephone number or other contact information. This information may be sent to the 
p shipper's database and thereafter replicated or otherwise downloaded into a portable digital device, 
Jg such as a Palm Computing device, as manufactured/modified by Symbol Technologies, Inc., for 
O example. Such a device may store a subset of the shipper's main database. For example, an 
Oracle 8i Lite database may reside on the portable digital device and the subset of the shipper's 
main database may be replicated wirelessly into the portable digital device. In such a case, the 
above-listed information may be replicated therein, to allow the shipper to make the pick up and 
20 match the package code on the package with the shipping identifier and associated delivery address 
stored in the database (Oracle 8i Lite, for example, or a later version or incarnation thereof). 
Preferably, the portable digital device includes an integrated code reader device for reading the 
machine-readable indicia affixed to the package and a printer for printing out a shipping label, or 
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the relevant portion thereof containing the package delivery address. Upon reading the machine- 
readable indicia affixed by the vendor on the package to be delivered, the database residing on the 
portable digital device then matches the package code embodied in the machine-readable indicia 
with the shipping identifier and associated delivery address (including the name of the recipient of 
5 the package, if appropriate) stored therein. The retrieved delivery address is then passed to the 
printer of or coupled to the portable digital device, which then prints the shipping label. The 
shipper may then affix the shipping label to the package and the shipping and actual delivery of the 
package may then proceed in the usual manner. 

The methods and systems for anonymous shipment according to the present invention may 
fil also be utilized for shipping packages to addresses other than the address of the bank account 
^ holder. For example, the package may be "in care of the bank account holder, but addressed to 
;H another person at another address. In that case, the bank account holder may store the "Care of 
H address within the bank database and specify that the "Care of address is to be substituted for the 
q delivery address in step S25. This may be done when the electronic draft is created and forwarded 

a. 

W to the bank 20 for payment or upon otherwise arranging for a bank-intermediated payment or 

i: 

u financing. Alternatively, the package may be a gift, or may have been bought on behalf of a 
person other than the bank account holder. In this case, the bank account holder may have caused 
a "Send to" address to be stored within the bank database, and the "Send to" address may be 
selected by the customer upon causing the electronic draft to be created and forwarded to the bank 

20 20, or upon otherwise arranging for a bank-intermediated payment or financing. In the case 
wherein a package is undeliverable for any reason, the shipper may return the package to the bank 
20 or to some location specified by the bank 20. Thereafter, the bank 20 may generate a message 
(such as an email, for example) informing the customer that his or her package is undeliverable. A 
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charge may be levied against the customer's account to cover the costs associated with shipping 
and storing an undeliverable package. 

The present invention, therefore, provides for an anonymous shipment system and method 
by which the customer's personal and financial information is safeguarded by entities having a 
fiduciary and/or contractual agreement to limit the dissemination of such information. For 
example, the shipper may be under a contractual obligation with the bank 20 not to make any 
disclosure of the personal and/or financial information gained through participation in the method 
or use of the system disclosed herein. Preferably, the bank 20 may only sell aggregate customer 
information to third parties, unless the customer has previously given the bank 20 his or her (full or 
limited) consent to the dissemination of his or her confidential information. The vendor, therefore, 
may purchase aggregate information (i.e., information that does not identify any one customer) for 
use in sales and/or marketing efforts, for example. The aggregate customer information may be 
filtered and sorted by the bank 20 to provide the vendors only with that information that they have 
requested, and only in the form in which they have requested the information. The vendor's sales 
and marketing informational needs are satisfied, therefore, without subjecting the customer to 
unwanted solicitations and intrusions into their privacy. 

Should, however, the vendor wish to contact the customer to notify the customer of a 
product recall or to send the customer advertisement and special promotions, the vendor may send 
same electronically to the bank 20, including therein the package code sent to in step S24. The 
bank 20 may then forward the electronic recall, advertisement or promotion to the customer's 
physical or electronic address (e.g., email address), unless the customer bank account holder has 
previously indicated his or her preference not to receive any such messages or messages from this 
vendor, excepting, for example, product safety and recall information. Therefore, the vendor's link 
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to the customer is not necessarily severed, but is managed and under the control of the customer, 
which is the party bearing the risk of loss in the case of uncontrolled dissemination of personal 
information. Implementation of the present method and system eventually recaptures the 
customers' confidentiality, as the vendors' databases will no longer be updated as the customers' 
5 personal and financial information changes. Instead, only the bank 20 and the shipper, both under 
a duty to preserve the confidentiality of the customers' information, will have access thereto. 

The bank 20, according to the present invention, may guarantee that the shipper's charges 
will be paid. Indeed, the shipper may be paid directly from the account holder's account. In this 
manner, the vendor preferably only charges for the cost of the item and not for any related (and oft 
tj| inflated) "shipping and handling" charges. 

% In the case wherein the goods purchased by the customer form the vendor are in electronic 

?1 form, such as software, music or data, the bank 20 may send the vendor a package code and an 
hi electronic forwarding address to which to forward the customer's purchase. The vendor may then 
Cj transmit the software, music or data to the specified electronic forwarding address, together with 
W the supplied package code. The bank 20 may then match the package code with the customer's 
y account(s) and cause the software, music, or other digital data purchased by the customer to the 
customer's own electronic address, to the customer's "Care of electronic address or to the 
customer's "Send to" electronic address, as specified by the customer upon purchasing the item 
and arranging for its payment, whether anonymous or otherwise. The customer may modify his or 
20 her payment information, physical address(es), electronic address(es), "Care of address(es), "Send 
to" address(es) or any other delivery address(es) at any time by logging onto a secure Web site 
maintained and controlled by the bank 20, becoming authenticated by the bank 20 by means of an 
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ID/Password pair (for example), and entering/modifying the desired information by clicking a 
"Shipping Options" selection, for example. 

Fig. 3 shows another aspect of the present invention, in which the transaction between the 
vendor and the customer includes both anonymous payment and shipment. As shown therein, a 
method of enabling a customer to anonymously purchase an item from a vendor via an electronic 
draft for delivery to an address without divulging the delivery address to the vendor may include 
the following steps. At step S31, an encrypted identifier unique to the customer is stored in a bank, 
or other trusted entity. The encrypted unique identifier is linked to the customer's personal and 
financial information stored in the bank, including the delivery address (or one or more "Send to" 
addresses and/or one or more "Care of addresses). The delivery address may be the customer's 
own home or business address, or someone else home or business address. In step S32, it is 
determined whether the customer has been authenticated by the bank. To do so, the customer may 
log onto the bank's Web site set up for that purpose, as disclosed in above-cited US patent 
applications 09/272,056 and/or 09/405,741. The bank-buyer agreement will define the appropriate 
authentication measures. Once logged on over the network 22 (which may, for example, include 
the Internet), the customer provides the bank 20 with identification data, at least a portion of which 
may be immediately encrypted and compared with the previously stored encrypted unique 
identifier for that customer. Upon a successful match, the customer is authenticated. If the 
identification data provided does not match the stored encrypted unique identifier, the customer is 
not authenticated and no electronic draft will be honored on the customer's account (until such 
authentication is successful), as shown at S3 3. At S34, the bank 20 or other trusted party retrieves 
the stored customer's personal and/or financial information linked to the encrypted unique 
identifier. At step S35, the electronic draft presented to the bank 20 for payment of the customer's 
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purchases is honored, subject to any bank-imposed restrictions, such as sufficient account balances 
or credit, for example. The bank 20 may then assign a package code to the item(s) purchased by 
the customer and send the package code (preferably electronically) to the vendor. The vendor may 
then affix a machine-readable indicia expressing the package code to the package. As shown at 
5 S3 8, the package code and the package delivery address may be sent to the shipper, along with an 
identification of the vendor and other relevant information. In a preferred embodiment, the shipper 
maintains an iDRAFT™ account at a participating iDRAFT™ bank, in the manner disclosed in the 
above cited US patent applications serial numbers 09/272,056 and/or 09/405,741. The shipper 
may then pick up the package identified by the package code, read the machine-readable indicia 

y) affixed thereto, retrieve the delivery address associated therewith, print out a shipping label and 

j« affix same to the package. 

u The customer's identification data may include an ID and a password and/or other 

fi identifying data, such as biometric data, for example. As the customer's password is known to the 
^ bank 20 only in encrypted form, the bank 20 preferably encrypts the customer-provided password 
^ immediately upon receipt. Preferably, the customer's encrypted unique identifier, personal and 
Q financial information are stored by the bank 20 or other trusted entity in a data structure managed 
by a Directory software controlled by the bank. Directory software typically includes a repository 
(e.g., a list or database, for example) of names, permissions, resources, hardware, software and 
hierarchical information and/or rules within a network. The phrase "Directory software", 
20 according to the present invention, encompasses any software including or managing such a 
repository that is designed to operate on computers coupled to a network. For example, the bank 
20 may store the above-listed information in a Directory software compatible with and accessible 
through Directory access software, such as Directory access software compatible with the X.500 
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Directory Access Protocol (DAP) 5 which protocol is incorporated herein by reference, or a subset, 
extension or variant thereof. One such subset of DAP is the Lightweight Directory Access 
Protocol or LDAP. For example, the customer's bank 20 may implement Oracle Internet 
Directory™ (OiD™) software (or upgrades/variants thereof), a software product developed by the 

5 assignee of the present invention. OiD™ combines a native implementation of the Internet 
Engineering Task Force f s (IETF) LDAP v3 standard (also incorporated herewith in its entirety by 
reference) with, for example, an Oracle8 (or later implementation) back-end data store. In like 
manner, the shipper may store the package code and the delivery address provided to it by the bank 
20 within a database managed by a Directory software compatible with the LDAP v3 (or later 

IQ versions) protocol, such as the above-identified OiD™ software from Oracle Corporation. A 
portion of this database may be replicated (via the LDAP protocol, for example) in a portable 

□ digital device (such as the SPT1700 series of "Palm" computing devices manufactured/modified 

0J by Symbol Technologies, Inc., for example) in which an Oracle 8i Lite (or later versions thereof) 

: J : 

^ database resides. This allows the shipper actually making the pick up of the package to have all 
fi£ relevant information available at the vendor's location when he or she picks up the package 
X identified by the package code. Other Directory software may be used for this purpose, such as 
Novell Directory Services™ (NDS™) of Novell, Inc. 

While the foregoing detailed description has described preferred embodiments of the 
present invention, it is to be understood that the above description is illustrative only and not 
20 limiting of the disclosed invention. Those of skill in this art will recognize other alternative 
embodiments and all such embodiments are deemed to fall within the scope of the present 
invention. Thus, the present invention should be limited only by the claims as set forth below. 
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